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Remarks 

Reconsideration of this Application is respectfully requested. 

Claims 46-70 are pending in the application, with claims 46 and 64 being the 
independent claims. Based on the following remarks, Applicants respectfully request 
that the Examiner reconsider all outstanding objections and rejections and that they be 
withdrawn. 

Rejection under 35 U.S.C. § 112 

Claims 46-70 were rejected under 35 U.S.C. § 1 12, first paragraph, for 
allegedly failing to comply with the written description requirement. Specifically, the 
Examiner states M [a]fter a search of the words simultaneous(ly) and parallel, in the 
original specification, Examiner was not able to find determining security association 
with each data packet in a plurality of data packets with a data flow between a source 
and destination simultaneously. It appears that the claim(s) contains subject matter 
which was not described in the specification in such a way as to reasonably convey to 
one skilled in the relevant art that the inventor(s), at the time the application was filed, 
had possession of the claimed invention." (Office Action, p. 3.) 

Applicants respectfully traverse. "To satisfy the written description 
requirement, a patent specification must describe the claimed invention in sufficient 
detail that one skilled in the art can reasonable conclude that the inventor had 
possession of the claimed invention." MPEP § 2263.1. In contrast to the Examiner's 
assertion, Applicants' specification unequivocally describes determining security 
association information for the plurality of data packets simultaneously. 
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The specification discloses, for example, an Advanced Classification Engine 
(ACE) that "functions as a complete hardware IPSec Security Association Database 
lookup engine." (Specification, p. 21, 11. 3-4.) The specification further states that the 
ACE has "fully pipelined non-blocking out-of order design. Four datagrams can be 
processed simultaneously and out of order to keep throughput at fully rated 
wirespeed." (Specification, p. 21, 11. 18-20.)(emphasis added.) Additionally, the 
specification explains that the design of the ACE is "fully pipelined, such that 
multiple headers are in different stages of ACE processing at any given time. In 
addition, ACE implements non-blocking out-of-order processing of up to four 
packets," (Specification, p. 25, 11. 3-6.) 

Accordingly, Applicants' specification sufficiently describes "wherein the 
classification module is configured to determine the security association information 
for the plurality of data packets simultaneously" as recited in independent claim 46 
and "simultaneously determining security association information associated with 
each data packet in the plurality of data packets in the data flow," as recited in 
independent claim 64. 

Reconsideration and withdrawal of this rejection as to independent claims 46 
and 64 and their respective dependent claims 47-63 and 65-70 are respectfully 
requested. 

Rejections under 35 U.S.C. §103 

Feiken and Oskouv 

Claims 46-49, 55-57, 60, and 64-66 were rejected under 35 U.S.C. § 103(a) as 
allegedly being unpatentable over Feiken et al., U.S. Patent No. 5,870,479 ("Feiken") 
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in view of Oskouy et al 9 U.S. Patent No. 6,791,947 ("Oskouy"). Applicants 

respectfully traverse this rejection. 

The combination of Feiken and Oskouy fails to disclose each and every 
feature of independent claims 46 and 64. Feiken describes an identification unit that 
processes data packet headers in sequence. In Feiken, a "data packet which enters the 
device 1 is first temporarily stored in the buffer 10. During this time, the header of 
the packet is copied to the identification unit 14, where the channel (in the case of 
ATM, the virtual channel or the virtual path) of the data packet is determined." 
(Feiken, col. 3, line 66 - col. 4, line 3.) Using this identification, the control unit 
"activates the other sections of the device." (Feiken, col. 4, lines 3-7.) In Feiken, "the 
buffer 10 is instructed to release the data packet concerned, while the memory 13 is 
instructed to place the information belonging to said channel (for example, the key 
and the status of the encrypting/decrypting procedure, and optionally the software of a 
processing) on the bus 15." (Feiken, col. 4, lines 8-14.) 

Thus, Feiken fails to disclose at least the feature of "a classification module in 
the device that determines security association information associated with each data 
packet in a plurality of data packets associated with a data flow between a source and 
destination, wherein the classification module is configured to determine the security 
association information for the plurality of data packets simultaneously," as recited in 
independent claim 46 and "receiving, in the device, at least a portion of a header for 
each data packet in a plurality of data packets associated with a data flow between a 
source and destination; simultaneously determining security association information 
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associated with each data packet in the plurality of data packets in the data flow," as 

recited in independent claim 64. 

The Examiner acknowledges that Feiken "does not explicitly state that the 
classification module is configured to determine the security association information 
associated for the plurality of data packets simultaneously." (Office Action, p. 4.) 
However, the Examiner alleges that Oskouy provides this missing teaching. 
Applicants respectfully disagree. 

Oskouy generally describes a "method and apparatus for in-line processing a 
data packet while routing the packet through a router in a system transmitting data 
packets between a source and a destination over a network including the router." 
(Oskouy, Abstract.) In Oskouy, a L3 header parser "examines L3 header data while 
snooping on the bus to derive values for the various L3 flags stored in a cell header." 
(Oskouy, 1 1 :6-9.) An L2 header parser "derives a series of L2 flags while processing 
the L2 header." (Oskouy, 1 1 :9-10.) The flags derived by the L2 and L3 parsers 
include a packet loss priority flag, a send packet to processor flag, a sample packet 
flag, a physical multicast flag, an option flag, a packet priority flag, a transmission 
control protocol (TCP) flag, a protocol type flag, and a don't fragment (DF) flag. In 
the Office Action, the Examiner equates these L2 and L3 flags to "security association 
information." Applicants respectfully disagree. 

A security association provides a mechanism to associate security services and 
key(s) with traffic to be protected and the parties with whom traffic is being 
exchanged. The specification repeatedly explains that security association 
information includes at a minimum cryptographic keys. (Specification, p. 8, 11. 9-10; 
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p. 1 1, 11. 1-2; p. 12, 11. 3-5; p. 23, 11. 6-10.) This is supported by the Internet 
Engineering Task Force (IETF) that defines a security association and outlines 
required security association information to be stored in a security association 
database for retrieval. See e.g., IETF RFC 2401. The IETF required security 
association information includes sequence number, anti-reply data, authentication 
algorithm and keys for IPSec authentication header (AH) implementations and IPSec 
encapsulating security payload (ESP) implementations, and encryption algorithm and 
keys for IPSec ESP implementation, and lifetime of the security association. See 
IETF RFC 2401, p. 21. 

As would be appreciated by a person of skill in the art, the L2 and L3 flags are 
not security association information. Accordingly, Oskouy also does not disclose at 
least the feature of "a classification module in the device that determines security 
association information associated with each data packet in a plurality of data packets 
associated with a data flow between a source and destination, wherein the 
classification module is configured to determine the security association information 
for the plurality of data packets simultaneously," as recited in independent claim 46 
and "receiving, in the device, at least a portion of a header for each data packet in a 
plurality of data packets associated with a data flow between a source and destination; 
simultaneously determining security association information associated with each data 
packet in the plurality of data packets in the data flow," as recited in independent 
claim 64. 

Accordingly, the combination of Feiken and Oskouy fails to teach or suggest 
each and every feature of independent claims 46 and 64. For at least the above 
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reasons, independent claims 46 and 64 are patentable over the combination of Feiken 

and Oskouy. Claims 47-49, 55-57, and 60 depend from claim 46 and claims 65 and 

66 depend from claim 64. For at least the above reasons, and further in view of their 

own features dependent claims 47-49, 55-57, 60, 65, and 66 are patentable over the 

combination of Feiken and Oskouy. Reconsideration and withdrawal of the rejection 

are therefore respectfully requested. 

Feiken, Oskouy, and Ellis 

Claims 50-54, 58, 59, 61, and 62 were rejected under 35 U.S.C. § 103(a) as 
being unpatentable over Feiken and Oskouy further in view of Ellis, U.S. Patent No. 
6,484,257 (Ellis). Applicants respectfully traverse this rejection. 

Claims 50-53, 58, 59, 61, and 62 depend from claim 46. Ellis does not 
overcome all of the deficiencies of the combination of Feiken and Oskouy relative to 
independent claim 46. For at least this reason, and further in view of their own 
features, claims 50-54, 58, 59, 61, and 62 are patentable over the combination of 
Feiken, Oskouy and Ellis. 

Feiken, Oskouy, and Leung 

Claims 67-70 were rejected under 35 U.S.C. § 103(a) as being unpatentable 
over Feiken and Oskouy further in view of Leung, U.S. Patent No. 6,760,444 (Leung). 
Applicants respectfully traverse this rejection. 

Claims 67-70 depend from claim 64. Leung does not overcome all of the 
deficiencies of the combination of Feiken and Oskouy relative to independent claim 
64. For at least this reason, and further in view of their own features, claims 67-70 are 
patentable over the combination of Feiken, Oskouy, and Leung. 
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Feiken, Oskouy, and Ober 

Claim 63 was rejected under 35 U.S.C. § 103(a) as being unpatentable over 
Feiken and Oskouy further in view of Ober, et al, U.S. Patent No. 6,708,273 (Ober). 
Applicants respectfully traverse this rejection. 

Claim 63 depends from claim 46. Ober does not overcome all of the 
deficiencies of the combination of Feiken and Oskouy relative to independent claim 
46. For at least this reason, and further in view of its own features, claim 63 is 
patentable over the combination of Feiken, Oskouy. and Ober. 

Conclusion 

All of the stated grounds of rejection have been properly traversed, 
accommodated, or rendered moot. Applicants therefore respectfully request that the 
Examiner reconsider all presently outstanding rejections and that they be withdrawn. 
Applicants believe that a full and complete reply has been made to the outstanding 
Office Action and, as such, the present application is in condition for allowance. If 
the Examiner believes, for any reason, that personal communication will expedite 
prosecution of this application, the Examiner is invited to telephone the undersigned 
at the number provided. 
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Prompt and favorable consideration of this Reply is respectfully requested. 

Respectfully submitted, 

Sterne, Kessler, Goldstein & Fox p.l.l.c. 

NLqh'A. Gordon 
Attorney for Applicants 
Registration No. 50,633 
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